web: Add ENABLE_HSTS flag to disable strict-transport-security header

2020-12-17 20:32:54 +12:00
parent f8560371f5
commit 0b2514101c
3 changed files with 8 additions and 0 deletions
--- a/web/rootfs/defaults/ssl.conf
+++ b/web/rootfs/defaults/ssl.conf
@@ -23,4 +23,6 @@ ssl_prefer_server_ciphers off;
 ssl_dhparam /defaults/ffdhe2048.txt;

 # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+{{ if .Env.ENABLE_HSTS | default "1" | toBool }}
 add_header Strict-Transport-Security "max-age=63072000" always;
+{{ end }}